What is phishing?

Phishing is a fraudulent attempt, usually made through email, to steal your
personal information. The best way to protect yourself from phishing is to
learn how to recognize a phish.

Phishing emails usually appear to come from a well-known organization and ask
for your personal information — such as credit card number, social security
number, account number or password. Often times phishing attempts appear to
come from sites, services and companies with which you do not even have an
account.

In order for Internet criminals to successfully "phish" your personal
information, they must get you to go from an email to a website. Phishing
emails will almost always tell you to click a link that takes you to a site
where your personal information is requested. Legitimate organizations would
never request this information of you via email.

Poor resolution. Phishing websites are often poor in quality, since they
are created with urgency and have a short lifespan. If the resolution on a logo
or in text strikes you as poor, be suspicious.

Forged URL. Even if a link has a name you recognize somewhere in it, it
doesn't mean it links to the real organization. Read URLs from right to left —
the real domain is at the end of the URL. Also, websites where it is safe to
enter personal information begin with "https" — the "s" stands for secure. If
you don't see "https" do not proceed. Look out for URLs that begin with an IP address, such as:
http://12.34.56.78/firstgenericbank/account-update/ — these are likely phishes.